Absolute AppSec

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Categories: Technology, Tech News
Update frequency: every 10 days
Episodes: 297
Years Active: 2018 - 2025
Episode 297 - True/False Positives, Phishing Package Maintainers

The Absolute AppSec duo returns with an in-depth episode talking about true and false positives, where context matters and business impact must be taken into account in order to avoid rabbit holes. T…
Tue 09 Sep 2025
Episode 296 - OWASP Top 10, NX Compromise, Security News Sources

Ken and Seth kick off a podcast by reviewing the current state of the OWASP Top 10 project, given recent requests and interactions on the Absolute AppSec Slack from various contributors. This is followed by a…
Tue 02 Sep 2025
Episode 295 - DEF CON 33 Recap, Crocs and Socks (and Bots)

Seth and Ken return with a new episode summarizing their experience at DEF CON 33 and all things Las Vegas over the past month. This includes panels, talks, workshops, happy hours, and even corporate…
Tue 26 Aug 2025
Episode 294 - w/ Anshuman Bhartiya - AppSec in the Age of AI

Just in time for AppSec sweeps week, Anshuman Bhartiya is joining Seth Law (sethlaw on social media) and Ken Johnson (cktricky) on the Absolute AppSec podcast! With over a decade in the security ind…
Tue 19 Aug 2025
Episode 293 - AppSec's Reality Gap

Spurred by a recent article from Venture in Security, this episode delves deep into the practical application of security into an organization's SDLC. Covering a range of issues from gaps in contextu…
Tue 29 Jul 2025
Episode 292 - Manual Source Code Review, AI Slop in Bug Bounties, AppSec Authorization

Seth and Ken are _back_ to talk through some recent experiences and news across the industry. To start the episode, Seth highlights the edge cases uncovered during manual code review that require con…
Tue 15 Jul 2025
Episode 291 - w/ Sean Varga - OWASP Top 10 of AppSec Sales

Sean Varga, current regional sales manager with noted ASPM company Cycode, joins Ken (@cktricky) and Seth (@sethlaw) to discuss the dawning realization organizations are having that they need AppSec e…
Tue 08 Jul 2025
Episode 290 - Authentication Fatigue, Browser AI Agents

Ken returns after a week's hiatus to review the latest AppSec news with Seth. Specifically, the idea that authentication fatigue exists for both consumers and developers. The amount of choice to impl…
Tue 01 Jul 2025
Episode 289 - Return of @lojikil - Context Matters

With @cktricky out on a grand tour across the country (or just unable to record for the day), @sethlaw succumbs to the dark side to give @lojikil a platform to talk about recent developments in the a…
Tue 24 Jun 2025
Episode 288 - Security and AI

Seth and Ken return with an in-depth discussion around the future of security due to use of AI. The landscape of security is changing quickly and we do not know where it is headed. As such, it is wor…
Tue 17 Jun 2025
Episode 287 - w/ Hayden Smith (Hunted Labs) - Open Source Dependency Threats

Hayden Smith, Hunted Labs Co-Founder, comes on Absolute AppSec to discuss, among other things, the Hunted Labs work discovering and publicizing the EasyJson software supply chain threat. Before co-fou…
Tue 10 Jun 2025
Episode 286 - Kayra Otaner - Authenticating Open Source Developers

We are happy to have Kayra Otaner as a special guest on the Absolute AppSec podcast. Kayra (kayraotaner on LinkedIn and X/twitter), the current Director of DevSecOps at Roche, brings over 15 years of…
Tue 20 May 2025
Episode 285 - easyjson, Software Dependencies, Breaches

News this week has been dominated by dependency issues and attribution towards unwanted nation states and actors. Specifically, easyjson is developed by a Russian firm that is under sanctions. The po…
Tue 13 May 2025
Episode 284 - BSidesSF/RSA Recap, Vibe Coding, WebAuthN

Back after a hiatus for both BSidesSF and RSA, Seth and Ken recap their experience at both conferences. TL;DR - BSidesSF is great for technical security content and community, RSA focuses on sales fo…
Tue 06 May 2025
Episode 283 - Intentionally-Vulnerable MCP Server, Hallucinating Software Packages

Ok, so vulnerable MCP tools are a thing now? Ken demonstrates installing and running an intentionally vulnerable MCP server with a bunch of example issues. Following is a discussion of the recent art…
Tue 22 Apr 2025
Episode 282 - Model Context Protocol, A2A, NHI Authentication

It is time to talk about Model Context Protocol (MCP), Google's Agent 2 Agent specification, and get back to the crocs and socks of authentication for Non-Human Identities (NHIs). MCP servers have ex…
Tue 15 Apr 2025
Episode 281 - Signing Models, Vibe Coding, GitHub Action Abuse

The duo are back for a discussion on securing machine learning models using Sigstore, based on a recent blog post from Google Security. Followed by some spicy takes on opinions on vibe coding and its…
Tue 08 Apr 2025
Episode 280 - Middleware Vulnerabilities, Identifying Enumeration with LLMs

Seth and Ken are back with an episode dedicated to a review of the recent Next.js middleware vulnerability and how that impacts application security both specifically and in general. Over-dependence …
Tue 25 Mar 2025
Episode 279 - Conferences, Destructive Fatigue, Imposter Syndrome

After a week's hiatus, Ken and Seth return and start with a discussion on OWASP conferences and the effectiveness of attendance for vendors. This is followed by an expansive mental health discussion …
Tue 18 Mar 2025
Episode 278 - Security Conferences, Testing Data in Git, Unforgivable Vulnerabilities

Seth and Ken return without a guest to discuss recent news, breaches, and research. Initial discussions around the purposes of the various security conferences and what is recommended for various pro…
Tue 04 Mar 2025
Disclaimer: The podcast and artwork embedded on this page are the property of Ken Johnson and Seth Law. This content is not affiliated with or endorsed by eachpod.com.